Closed nodeg closed 9 months ago
Hi @nodeg, thank you very much for your contribution; apologies there has been no review on your pull request.
The warnings and vulnerabilities you observed appear to no longer be present - the Renovate configuration for the Cucumber organisation appears to be doing a good job of keeping dependencies up to date.
Would you perhaps be able to clone the repository and verify if the pull request can be closed? Otherwise we can examine whether we can update and get it merged.
I did some more testing with the most recent changes from the main branch and still see some of the issues:
```
$ npm install
npm WARN deprecated vscode-test@1.6.1: This package has been renamed to @vscode/test-electron, please update to the new name
npm WARN deprecated vsce@2.15.0: vsce has been renamed to @vscode/vsce. Install using @vscode/vsce instead.
> cucumber-official@1.8.0 prepare
> npm run copy-wasms
> cucumber-official@1.8.0 copy-wasms
> mkdir -p out && cp node_modules/@cucumber/language-service/dist/*.wasm out
added 753 packages, and audited 754 packages in 47s
200 packages are looking for funding
run `npm fund` for details
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm audit
# npm audit report
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install vsce@1.97.0, which is a breaking change
node_modules/xml2js
vsce >=1.98.0-alpha.0
Depends on vulnerable versions of xml2js
node_modules/vsce
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
```
After applying my changes, the issues are gone:
```
$ npm install
> cucumber-official@1.8.0 prepare
> npm run copy-wasms
> cucumber-official@1.8.0 copy-wasms
> mkdir -p out && cp node_modules/@cucumber/language-service/dist/*.wasm out
added 740 packages, and audited 741 packages in 53s
200 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
$ npm run test
> cucumber-official@1.8.0 pretest
> npm run compile
> cucumber-official@1.8.0 compile
> tsc --build
> cucumber-official@1.8.0 test
> node ./dist/src/test/runTest.js
Downloading VS Code 1.85.1 from https://update.code.visualstudio.com/1.85.1/darwin/stable
Downloading VS Code [==============================] 100%
Downloaded VS Code into /Users/dom/git/vscode/.vscode-test/vscode-darwin-1.85.1
Downloaded VS Code into /Users/dom/git/vscode/.vscode-test/vscode-darwin-1.85.1
2023-12-20 14:30:19.263 Electron[94335:1720694] WARNING: Secure coding is not enabled for restorable state! Enable secure coding by implementing NSApplicationDelegate.applicationSupportsSecureRestorableState: and returning YES.
[main 2023-12-20T13:30:20.199Z] update#setState disabled
[main 2023-12-20T13:30:20.201Z] update#ctor - updates are disabled by the environment
Via 'product.json#extensionEnabledApiProposals' extension 'ms-python.python' wants API proposal 'registerIssueDataProvider' but that proposal DOES NOT EXIST. Likely, the proposal has been finalized (check 'vscode.d.ts') or was abandoned.
2023-12-20 14:30:22.264 Code Helper (Renderer)[94342:1720943] CoreText note: Client requested name ".NewYork-Regular", it will get TimesNewRomanPSMT rather than the intended font. All system UI font access should be through proper APIs such as CTFontCreateUIFontForLanguage() or +[NSFont systemFontOfSize:].
2023-12-20 14:30:22.264 Code Helper (Renderer)[94342:1720943] CoreText note: Set a breakpoint on CTFontLogSystemFontNameRequest to debug.
Started local extension host with pid 94354.
Loading development extension at /Users/dom/git/vscode/dist
Extension Test Suite
✔ Sample test
1 passing (5ms)
[main 2023-12-20T13:30:24.525Z] Extension host with pid 94354 exited with code: 0, signal: unknown.
Exit code: 0
Done
```
I did rebase and update my PR.
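As an added example (not part of the pull request or the project's own code), this script checks a parsed `package-lock.json` for the two conditions shown in the logs above: an installed `xml2js` below 0.5.0 and the renamed `vsce` / `vscode-test` packages. The function names and the sample lockfile are assumptions constructed for illustration.

```javascript
// Works on the "packages" map of a parsed package-lock.json (lockfileVersion 2/3).
const PATCHED = new Map([['xml2js', '0.5.0']]); // audit range on the page: xml2js <0.5.0
const RENAMED = new Map([['vsce', '@vscode/vsce'], ['vscode-test', '@vscode/test-electron']]);

// Numeric x.y.z comparison; prerelease suffixes are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameOf(path) {
  return path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

function checkLock(lock) {
  const entries = Object.entries(lock.packages || {}).filter(([p]) => p !== '');
  const findings = [];
  for (const [path, meta] of entries) {
    const name = nameOf(path);
    if (PATCHED.has(name) && lessThan(meta.version, PATCHED.get(name))) {
      // Installed packages that declare this dependency (matched by name, not by resolution).
      const via = entries
        .filter(([, m]) => Object.keys(m.dependencies || {}).includes(name))
        .map(([p]) => nameOf(p));
      findings.push({ kind: 'vulnerable', name, version: meta.version, via });
    }
    if (RENAMED.has(name)) {
      findings.push({ kind: 'renamed', name, version: meta.version, use: RENAMED.get(name) });
    }
  }
  return findings;
}

// Constructed sample: the vsce and vscode-test versions come from the log above, the rest is made up.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'cucumber-official', version: '1.8.0' },
    'node_modules/vsce': { version: '2.15.0', dependencies: { xml2js: '^0.4.23' } },
    'node_modules/vscode-test': { version: '1.6.1' },
    'node_modules/xml2js': { version: '0.4.23' },
  },
};
console.log(checkLock(SAMPLE_LOCK));
```

To check a real checkout, pass the result of `JSON.parse` on the repository's `package-lock.json` to `checkLock`; an empty array means neither condition is present.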
Hi @nodeg,
Thanks for making your first contribution to Cucumber, and welcome to the Cucumber committers team! You can now push directly to this repo and all other repos under the cucumber organization! 🍾
In return for this generous offer we hope you will:
On behalf of the Cucumber core team, Aslak Hellesøy Creator of Cucumber
🤔 What's changed?
2 dependencies in package.json and one in package-lock.json
⚡️ What's your motivation?
Get rid of:
🏷️ What kind of change is this?
♻️ Anything particular you want feedback on?
I ran the updated test and a build afterwards with success:
📋 Checklist: